The Evolution of Authentication



Abstract

An analysis of 6 million accounts showed that 10,000 common passwords would have access to 99.8% of the accounts. When looking at passwords for banking accounts, it can be found that 73% of users shared their online banking password with at least one non-financial site, which means that when the non-banking site gets hacked, the banking account is threatened. And it’s not only about security. According to a recent study conducted by the Ponemon Institute, more than 45% of online transactions fail “Very Frequently” or “Frequently” due to authentication problems. Passwords do not work, yet no other technology has been broadly deployed. Why is that? Current alternative technologies each require their own proprietary server technology. The current authentication architecture therefore consists of ‘silos’, each comprising an authentication method, its client implementation and its server technology. Instead of competing on better user authentication methods, authentication companies are faced with a battle for the best server technology. Other current challenges with authentication include the need for flexibility. Today authentication is used both for electronically initiating high-value money transactions and for accessing the personal purchase history in an online bookshop; the security needs of these cases are different. The ongoing adoption of mobile devices and the BYOD trend lead to an increasingly heterogeneous authentication landscape. No single approach can meet these diverse requirements. The FIDO Alliance, a new industry working group, has been founded to define an open, interoperable set of mechanisms that reduce the reliance on passwords.

1 Motivation

Passwords don’t work: In 2007, the average user had 25 accounts, used 6.5 passwords and performed logins 8 times a day [1]. Today, things are much worse. An analysis of 6 million accounts showed that 10,000 common passwords would have access to 99.8% of the accounts [2]. This means that only 0.2% of users chose strong passwords, and that passwords provide effective security equivalent to a 5-digit PIN. Even when looking at passwords for banking accounts only, it can be found that 73% of users shared their online banking password with at least one non-financial site [3], which means that when the non-banking site gets hacked, the banking account is threatened. “Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks.” [4].

H. Reimer et al. (Eds.), ISSE 2013 Securing Electronic Business Processes, DOI 10.1007/978-3-658-03371-2_2, © Springer Fachmedien Wiesbaden 2013


The password problem seems to be an important issue to solve: “Account and service hijacking, usually with stolen credentials, remains a top threat” [4]. It’s not only about security. According to a recent study, more than 45% of the onlin